cjunior
Participant

Management API "show logs" not working as expected (R80.40 last jumbo)

Hello,

I hope you are doing well.

I'm trying to collect logs with paging, but it sometimes goes wrong. It starts fine on the first page, and after a few collected pages the result is an empty logs list, although the logs-count parameter shows that there must be log entries.

I have no idea where to find the way to fix this issue.

First command run: (always OK for any filter values)

mgmt_cli show logs new-query.time-frame last-7-days new-query.max-logs-per-request 50 new-query.filter app_category:Spam --session-id VWxBmdBgKK0ZRCXteLAD3xQtajmIPEcfYC9uQXguyPs --version 1.6.1 --debug on --format json

Paging command: (OK till 3 or 4 attempts / Depends on filter or max-logs-per-request values informed)

mgmt_cli show logs query-id WEB_API_4bd6e105-3479-4737-8c07-3e937954b1aa --session-id VWxBmdBgKK0ZRCXteLAD3xQtajmIPEcfYC9uQXguyPs --version 1.6.1 --debug on --format json


API debug result (on fail):

Put into map [query-id]=[WEB_API_4bd6e105-3479-4737-8c07-3e937954b1aa]
Command: 'show-logs', JSON Payload is: '{"query-id":"WEB_API_4bd6e105-3479-4737-8c07-3e937954b1aa"}'
Command [show-logs]
Adding version to the URL: [1.6.1]
The URL with version [https://127.0.0.1:443/web_api/v1.6.1]
URL [https://127.0.0.1:443/web_api/v1.6.1]
Headers: [X-chkp-sid: VWxBmdBgKK0ZRCXteLAD3xQtajmIPEcfYC9uQXguyPs, Accept: application/json, user-agent: mgmt_cli, Content-Type: application/json]
SendRequest
Adding version to the URL: [1.6.1]
The URL with version [https://127.0.0.1:443/web_api/v1.6.1]
Full URL [https://127.0.0.1:443/web_api/v1.6.1/show-logs]
Using internal Check Point certificate verification
.
.
.
Local fingerprint is equal to the remote one
SSLCtxVerifyCB returns [true]
CRestRequest::WriteData
size=[1], nmemb=[17]
received data = [HTTP/1.1 200 OK
]
Data [HTTP/1.1 200 OK
] is written
CRestRequest::WriteData
size=[1], nmemb=[37]
received data = [Date: Thu, 17 Jun 2021 19:45:38 GMT
]
Data [Date: Thu, 17 Jun 2021 19:45:38 GMT
] is written
CRestRequest::WriteData
size=[1], nmemb=[14]
received data = [Server: CPWS
]
Data [Server: CPWS
] is written
CRestRequest::WriteData
size=[1], nmemb=[64]
received data = [Strict-Transport-Security: max-age=31536000; includeSubDomains
]
Data [Strict-Transport-Security: max-age=31536000; includeSubDomains
] is written
CRestRequest::WriteData
size=[1], nmemb=[29]
received data = [X-Frame-Options: SAMEORIGIN
]
Data [X-Frame-Options: SAMEORIGIN
] is written
CRestRequest::WriteData
size=[1], nmemb=[32]
received data = [Content-Type: application/json
]
Data [Content-Type: application/json
] is written
CRestRequest::WriteData
size=[1], nmemb=[32]
received data = [X-UA-Compatible: IE=EmulateIE8
]
Data [X-UA-Compatible: IE=EmulateIE8
] is written
CRestRequest::WriteData
size=[1], nmemb=[28]
received data = [X-Forwarded-Host-Port: 443
]
Data [X-Forwarded-Host-Port: 443
] is written
CRestRequest::WriteData
size=[1], nmemb=[28]
received data = [Transfer-Encoding: chunked
]
Data [Transfer-Encoding: chunked
] is written
CRestRequest::WriteData
size=[1], nmemb=[2]
received data = [
]
Data [
] is written
CRestRequest::WriteData
size=[1], nmemb=[102]
received data = [{
"logs" : [ ],
"logs-count" : 50,
"query-id" : "WEB_API_4bd6e105-3479-4737-8c07-3e937954b1aa"
}
0

]
Data [{
"logs" : [ ],
"logs-count" : 50,
"query-id" : "WEB_API_4bd6e105-3479-4737-8c07-3e937954b1aa"
}] is written
Send request succeeded. Response code [200]
Success message [{
"logs" : [ ],
"logs-count" : 50,
"query-id" : "WEB_API_4bd6e105-3479-4737-8c07-3e937954b1aa"
}]
Error message []
Getvalue of parameter [task-id] from json
Missing [task-id] field in json
Getvalue of parameter [login-required] from json
Missing [login-required] field in json
Getvalue of parameter [tasks] from json
Missing [tasks] field in json
No task-id in response

 

Please help me with this.

Thank you in advance.

cjunior

 

 

0 Kudos
2 Replies
PhoneBoy
Admin

Just so I understand:

  • The initial query succeeds (which just sets up a task)
  • The first few queries to pull results based on task-id also succeed.
  • After a few requests, the query to pull results fails.

Do I have that right?
Recommend a TAC case here.

0 Kudos
cjunior
Participant

Yes, you got it perfectly.


Now we realize that we have a problem getting logs in EventLog or SmartView as well. It presents log gaps for time frame or filter queries.

e.g.
#1 - "last-7-days" "app_category:Spam": we can see a few logs not from today.

#2 - "today" "app_category:Spam": we can see a few logs from today that do not appear in the query above.

#3 - "last-hour" "app_category:Spam": we can see a few logs from the last hour that do not appear in the "today" time frame.

In other words, the logs exist but sometimes cannot be retrieved due to some query issue.

Anyway, I'm going to open a ticket on TAC.

Thank you for the help.

cjunior

0 Kudos
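
The paging symptom from the first post, as an added example that is not part of the original thread or Check Point's own code: a collection loop that stops and reports the page on which "logs" is empty while "logs-count" is non-zero, instead of treating it as the end of results. The `call` transport, the `replay` stand-in, the placeholder query id and the canned responses are assumptions constructed for illustration, as is treating an empty page with a zero count as the normal end of a query.

```python
from typing import Callable, List, Optional, Tuple


def collect_logs(call: Callable[[dict], dict], new_query: dict,
                 max_pages: int = 1000) -> Tuple[List[dict], Optional[int]]:
    """Page through show-logs and return (logs, gap_page).

    `call` is a hypothetical transport: it takes the show-logs JSON payload
    and returns the decoded JSON response (for example by wrapping mgmt_cli).
    gap_page is the 1-based page whose response had an empty "logs" list but
    a non-zero "logs-count" (the symptom in the thread), otherwise None.
    """
    collected: List[dict] = []
    payload = {"new-query": new_query}             # first request opens the query
    for page_no in range(1, max_pages + 1):
        resp = call(payload)
        logs = resp.get("logs") or []
        count = int(resp.get("logs-count") or 0)
        if not logs and count > 0:
            return collected, page_no              # inconsistent page: report it
        if not logs:
            return collected, None                 # assumed normal end of results
        collected.extend(logs)
        payload = {"query-id": resp["query-id"]}   # later requests page by query-id
    return collected, None                         # page limit reached


def replay(pages: List[dict]) -> Callable[[dict], dict]:
    """Constructed stand-in for the API: replays canned responses in order."""
    responses = iter(pages)

    def call(payload: dict) -> dict:
        assert "new-query" in payload or "query-id" in payload
        return next(responses)
    return call


QID = "WEB_API_example"  # constructed placeholder, not a real query id


def page(n: int, count: Optional[int] = None) -> dict:
    """Build one constructed show-logs response holding n log entries."""
    return {"logs": [{"id": i} for i in range(n)],
            "logs-count": n if count is None else count, "query-id": QID}


QUERY = {"time-frame": "last-7-days", "max-logs-per-request": 50,
         "filter": "app_category:Spam"}
HEALTHY = [page(50), page(50), page(7), page(0)]
BROKEN = [page(50), page(50), page(0, count=50)]   # third page mirrors the failure
```

Recording the gap page alongside the partial result lets a collector mark the export as incomplete rather than shipping a silently truncated log set.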